fix #953 Possible reflective cross site scripting in ConstraintViolations #1001
WarFox commented Apr 19, 2015

* ConstraintViolation should not print the invalid value as it may cause reflective-cross-site scripting issue
* Fixed all unit tests that expect the (was {invalidValue}) in the violation message.
Since the

I'm all for it. Let's just remove the original, tainted input from the error messages.
joschi added a commit that referenced this pull request Apr 25, 2015
Possible reflective cross site scripting in ConstraintViolation Fixes #953
I agree with @carlo-rtr about the Should we add the

I think so :)
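
The change discussed in this thread, as an added example that is not part of the pull request or the project's own code: a message formatter that echoes the rejected value next to one that omits it. The `Violation` class, both method names and the `%s %s (was %s)` format string are assumptions modelled on the `(was {invalidValue})` fragment quoted above; the sample input is constructed.

```java
import java.util.Arrays;
import java.util.List;

public class ViolationMessages {
    // Hypothetical stand-in for a Bean Validation ConstraintViolation:
    // property path, constraint message, and the rejected (client-supplied) value.
    static final class Violation {
        final String path;
        final String message;
        final Object invalidValue;

        Violation(String path, String message, Object invalidValue) {
            this.path = path;
            this.message = message;
            this.invalidValue = invalidValue;
        }
    }

    // Before: the rejected value is copied into the error message, so whatever
    // the client sent is reflected back in the response body.
    static String formatReflecting(Violation v) {
        return String.format("%s %s (was %s)", v.path, v.message, v.invalidValue);
    }

    // After: only the property path and the constraint's own message are used.
    static String formatSafe(Violation v) {
        return String.format("%s %s", v.path, v.message);
    }

    public static void main(String[] args) {
        // Constructed sample input: markup submitted in a field that fails validation.
        String tainted = "<script>alert(1)</script>";
        List<Violation> violations = Arrays.asList(
            new Violation("name", "length must be between 1 and 10", tainted),
            new Violation("age", "must be greater than or equal to 0", -5));

        for (Violation v : violations) {
            String after = formatSafe(v);
            System.out.println("before: " + formatReflecting(v));
            System.out.println("after:  " + after);
            // The fixed message must carry no trace of the client-supplied value.
            if (after.contains(String.valueOf(v.invalidValue))) {
                throw new AssertionError("invalid value leaked into message: " + after);
            }
        }
    }
}
```

Unit tests that matched on the `(was ...)` suffix need the same update the pull request describes, since the suffix no longer appears in the message.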